315 days and counting!

For those who thought that GDPR wasn’t for them, either in the hope that they were too small and insignificant for anyone to notice, or because it just seems too complicated and bothersome, so why not kick it down the road: sorry, it’s not going to go away and, as the BBC highlighted last week, the consequences of failing to take appropriate measures could prove catastrophic.

Whilst I was giving a talk on GDPR and cyber-security to members of the NAEA and ARLA the other evening, unsurprisingly many of the questions led back to GDPR. In particular, one attendee asked whether, if they had already secured consent under the Data Protection Act to hold and use the personal data of someone selling or buying, letting or renting a property, they would be required to obtain that consent again post 25th May next year.

In the immortal words of Vicky Pollard, “no but, yeah but.” So, you could be forgiven for being a trifle confused.

In short, “No,” you don’t have to re-obtain consent, providing the terms of the original consent you obtained are GDPR compliant.

In practical terms and in a lot of cases, consent obtained under the current Data Protection Act is not likely to comply with GDPR, so “Yes,” you are going to have to re-obtain consent.

So, assuming the data you are collecting today and for the foreseeable future is going to be required after May 2018 and not fall redundant and be deleted in the interim, then the best way around this conundrum is to amend your processes ASAP, so that consents obtained between now and next May are already compliant and you don’t have to repeat the work.

Not wishing to sound like a stuck record, but conscious that that is exactly what I’ll sound like: “it’s all in the preparation.” Don’t leave it until April next year. It will be too late. 315 days might sound like a lot of time, but it will go in a flash! And, if you want more help, why not get in touch?